Module 5: Network Protocols & Sockets
Primary texts: Computer Networking: A Top-Down Approach (Kurose & Ross) for protocols, Unix Network Programming Vol. 1 (Stevens) for sockets
Selective support: High Performance Browser Networking (Grigorik) for HTTP/2, HTTP/3, TLS, and transport tuning; RFCs for canonical definitions; Beej's Guide to Network Programming for a compact socket reference
This guide is the primary teacher. You do not need to read the source books front-to-back to complete this module. You do need to become operationally strong at reasoning about layered protocols, reading packet structure, building real socket programs, and debugging a network problem with the right tool.
Scope of This Module
This module is not a protocol trivia sheet. It is where the network stops being a cloud labelled "Internet" and becomes a stack you can inspect, control, and program.
What it covers in depth:
- the layered model and why protocol design keeps coming back to it
- encapsulation, headers, and how one packet carries payloads for every layer above it
- addressing at link, network, and application layers: MAC, IP, ports, and DNS names
- IPv4 and IPv6 addressing, subnets, CIDR prefixes, routing, and NAT
- the control plane / data plane split and the role of ICMP
- UDP as a minimal datagram service and when connectionless is the right choice
- TCP reliability, sequence numbers, flow control, and congestion control as distinct mechanisms
- the TCP three-way handshake, state machine, and connection close including TIME_WAIT
- HTTP/1.1 request-response shape, methods, status classes, and persistent connections
- HTTP/2 and HTTP/3 (QUIC) multiplexing, header compression, and why UDP is underneath QUIC
- TLS 1.3 handshake, certificates, and what "authenticated encrypted channel" actually means
- the Berkeley sockets API as a system-call contract for reliable and datagram IPC over the network
- server architecture choices: iterative, forking, threaded, and event-driven, and what each optimizes
- tcpdump, wireshark, netstat, and ss as first-class debugging tools
What it deliberately does not try to finish here:
- link-layer details beyond MAC addressing and switch/ARP basics
- full wireless, cellular, and mobility stacks
- deep congestion-control algorithm variants beyond the Reno/CUBIC baseline
- application protocols beyond HTTP, DNS, and TLS (email, SIP, gRPC, etc.)
- full-blown distributed-systems topics like consensus and replication (Semester 6)
This is a bridge module. It turns the OS-level understanding of Semesters 4 and 5 into "I can write a networked program and explain every byte on the wire."
Before You Start
Answer these closed-book before starting the main path:
- If you type curl https://example.com/ what distinct layers of addressing and naming are consulted before the first byte leaves your NIC?
- A UDP socket and a TCP socket both use IP. What does TCP add that UDP does not, and what does UDP gain by refusing those features?
- Two TCP connections from the same client to the same server IP and port do not collide on the server. Why?
- Your HTTP request hangs. Name at least three distinct layers where the problem could live.
- What is the difference between "the packet was dropped" and "the connection was reset"?
Diagnostic Interpretation
4-5 solid answers
- You are ready for the full path.
2-3 solid answers
- Continue, but expect extra time in Clusters 3 (TCP) and 5 (socket programming).
0-1 solid answers
- Skim Module 3 (concurrency) and Module 4 (file I/O) first. Sockets are file descriptors plus protocol, and concurrent servers depend on the concurrency primitives from earlier in the semester.
What This Module Is For
Networking is the substrate of every modern engineering discipline. Later work repeatedly asks questions like:
- what actually happens between send() and the byte arriving on the other host?
- why did this connection stall at exactly 64 KiB, then resume?
- why does my service handle 1,000 connections fine and melt at 10,000?
- is this a DNS problem, a routing problem, a TCP problem, or a TLS problem?
- what does "the server is up but the health check is timing out" really mean?
This module builds the networking reasoning needed for:
- backend services, load balancers, and reverse proxies
- distributed systems and RPC frameworks (Semester 6)
- cloud networking, VPCs, and security groups (Semester 9)
- performance tuning of web clients, servers, and CDNs
- any future work where "the network is the computer"
You are learning to reason about packets, protocols, and server sockets without handwaving.
Concept Map
How To Use This Module
Work in order. The later clusters only make sense if the earlier mental model is stable.
Cluster 1: The Networking Mental Model
| Order | Concept | Type | Focus |
|---|---|---|---|
| 1 | The Layered Model: Physical, Link, Network, Transport, Application | PRIMARY | Why layers exist, what each layer owns, and why the abstraction leaks |
| 2 | Encapsulation: Headers, Payloads, and Protocol Stacks | PRIMARY | How a single frame on the wire carries every upper layer inside it |
| 3 | Addressing and Naming: MAC, IP, DNS | PRIMARY | Three different identifier systems and how packets get from name to NIC |
Cluster mastery check: Can you draw the five-layer stack and label the identifier used at each layer to deliver one HTTP request?
Cluster 2: IP and the Network Layer
| Order | Concept | Type | Focus |
|---|---|---|---|
| 4 | IPv4 and IPv6: Addressing and Subnets | PRIMARY | Address formats, subnet masks, prefixes, and address exhaustion |
| 5 | Routing, CIDR, NAT | PRIMARY | Longest-prefix match, CIDR aggregation, and how NAT rewrites packets |
| 6 | ICMP and the Control-Plane vs Data-Plane Distinction | SUPPORTING | Why ICMP exists, what "control plane" means, and how ping and traceroute work |
Cluster mastery check: Given 10.0.24.53/20, can you name the network, the broadcast, the usable host range, and whether 10.0.33.10 is in the same subnet?
Cluster 3: TCP and UDP
| Order | Concept | Type | Focus |
|---|---|---|---|
| 7 | UDP: Connectionless, Datagram, Use Cases | PRIMARY | What UDP does, what it refuses to do, and when that is the right tradeoff |
| 8 | TCP: Reliability, Sequencing, Flow Control, Congestion Control | PRIMARY | Four distinct mechanisms, not one, that together turn IP into a stream |
| 9 | The TCP Handshake and State Machine | PRIMARY | SYN, SYN-ACK, ACK, FIN/CLOSE, and the TIME_WAIT state |
Cluster mastery check: Can you trace a TCP connection from SYN to CLOSED and say what each intermediate state is waiting for?
Cluster 4: Application Protocols and HTTP
| Order | Concept | Type | Focus |
|---|---|---|---|
| 10 | HTTP/1.1: Request/Response, Methods, Status Codes | PRIMARY | The wire format of a request and response, method semantics, status classes |
| 11 | HTTP/2 and HTTP/3 (QUIC): Multiplexing, Header Compression | SUPPORTING | Why HTTP/1.1 was not enough and how newer versions solve head-of-line blocking |
| 12 | TLS: Handshake, Certificates, Why and How | PRIMARY | Authenticated encrypted channel, X.509 trust chain, and the 1-RTT TLS 1.3 handshake |
Cluster mastery check: Can you explain what each of these gives you and what is left to chance: raw TCP, TLS over TCP, HTTP/1.1 over TLS, HTTP/3?
Cluster 5: Socket Programming
| Order | Concept | Type | Focus |
|---|---|---|---|
| 13 | Berkeley Sockets API: socket, bind, listen, accept, connect, send, recv | PRIMARY | The system-call contract that every TCP/UDP program uses |
| 14 | Server Architectures: Iterative, Forking, Threaded, Event-Driven | PRIMARY | Four concurrency strategies, what they optimize, and where they break |
| 15 | Network Debugging: tcpdump, wireshark, netstat, ss | SUPPORTING | Seeing actual packets, counts, and socket states instead of guessing |
Cluster mastery check: Can you write a threaded TCP echo server, capture its handshake in tcpdump, and point to the SYN, SYN-ACK, and ACK in the output?
Then work these practice pages:
| Order | Practice path | Focus |
|---|---|---|
| 1 | Layered Model and Addressing Lab | Stack tracing, packet encapsulation, subnet math, DNS resolution |
| 2 | Transport and Connection Clinic | UDP vs TCP selection, handshake walkthroughs, state-machine drills |
| 3 | HTTP, TLS, and Application Workshop | Reading HTTP on the wire, status choice, TLS handshake reasoning |
| 4 | Code Katas | Threaded + epoll echo servers, HTTP/1.1 client/server, tcpdump of a handshake, TCP vs UDP throughput and loss |
Use Module Quiz after the concept and practice path. Use Reference and Selective Reading and Learning Resources only for targeted reinforcement.
Learning Objectives
By the end of this module you should be able to:
- Draw the five-layer Internet model and describe each layer's addressing, unit of data, and one representative protocol.
- Describe encapsulation precisely, including the order of headers prepended as data moves down the stack.
- Distinguish MAC, IP, and DNS names and explain which one is used where during a single HTTP request.
- Do IPv4 subnet math for any given CIDR prefix, including network, broadcast, usable range, and subnet membership.
- Explain routing as longest-prefix match and describe how NAT rewrites source address and port.
- Explain the purpose of ICMP and the difference between control-plane and data-plane traffic.
- Choose between UDP and TCP for a given use case and defend the choice.
- Describe TCP reliability, sequencing, flow control, and congestion control as four distinct mechanisms.
- Trace a TCP connection through every state from SYN to CLOSED, including TIME_WAIT, and explain why each state exists.
- Read an HTTP/1.1 request and response byte for byte and choose appropriate methods and status codes.
- Explain the main differences HTTP/2 and HTTP/3 introduce and why QUIC runs on UDP.
- Describe the TLS 1.3 handshake and the role of the certificate chain in authentication.
- Write both a TCP and a UDP program in C (or equivalent) using the Berkeley sockets API.
- Implement at least one concurrent server using threads and one using an event loop (epoll, kqueue, or equivalent).
- Capture a TCP handshake with tcpdump or Wireshark and annotate every packet.
Outputs
- a networking lab notebook with at least 20 solved exercises across layering, subnets, TCP, HTTP, and sockets
- a subnet and CIDR worksheet with at least 10 prefix-math problems and their reasoning
- annotated tcpdump/wireshark captures of a TCP handshake, a full HTTP/1.1 request/response, and a TLS handshake
- a working concurrent echo server in at least two forms: threaded and event-driven, with short notes on tradeoffs
- a minimal HTTP/1.1 client and server (single-file each) that handle at least GET and 200/404
- a short throughput and loss-tolerance experiment comparing TCP and UDP under induced loss (tc netem on Linux, or equivalent)
- a mistake log naming at least 10 recurring errors such as "forgot byte order", "blocking accept in single thread", "confused TIME_WAIT with CLOSE_WAIT", or "sent HTTP without Content-Length and Connection: close"
- a short memo explaining how Module 5 feeds into distributed systems and cloud networking in later semesters
Completion Standard
You have completed Module 5 when all of these are true:
- you can name the layer at which a given problem lives before guessing a fix
- you can do CIDR math without a calculator
- you can explain why TCP flow control and TCP congestion control are different mechanisms
- you can trace any TCP connection through its state machine, including TIME_WAIT
- you can write a socket server with real concurrency and explain why you chose that model
- you can read enough of a tcpdump capture to locate the SYN, the SYN-ACK, and the first data segment
- you can explain TLS's purpose and roughly how the 1-RTT handshake establishes it
If "the network works" but you cannot point at one layer of the stack and describe its contract, the module is not complete.
Reading Policy
- Concept pages are the main path.
- Local book chunks are selective reinforcement, not a second syllabus.
- "Read only if stuck" means try the concept page, self-check, and drill first.
- "Optional deep dive" means additional nuance or exercise volume, not required progression.
- Because this module ends Year 2 and sets up the entire back half of the program, written explanations and at least one working server of your own are required, not optional enrichment.
Suggested Weekly Flow
| Day | Work |
|---|---|
| 1 | Concepts 1-3 and one stack-tracing worksheet |
| 2 | Concepts 4-6 and at least six CIDR/subnet problems |
| 3 | Concepts 7-9 and a handwritten TCP state-machine walkthrough |
| 4 | Concepts 10-12 and an annotated HTTP exchange from curl -v |
| 5 | Concepts 13-14 and a first working TCP echo server (iterative + threaded) |
| 6 | Concept 15, Practice 1-2, and a tcpdump capture of your own server |
| 7 | Practice 3-4, quiz, and mistake-log cleanup |
Reference
If you need exact links into the local chunked books, use Reference and Selective Reading.
Three projects for this module, in increasing depth: the Network Stack (TCP) tutorial implements TCP/IP from raw frames; the BitTorrent Client tutorial is a real peer-to-peer protocol; the Container Runtime tutorial covers Linux namespaces. See Build Your Own X overview.
Rich Learning Pages
Worked Examples | Guided Labs | Case Studies | Mistake Clinic | Reading Guide | Capstone Thread
Model Artifact Calibration
For network diagnostic evidence, compare your trace notes to the packet capture analysis model artifact.